Detecting Security Vulnerabilities with Software Architecture Analysis Tools

Author

Karppinen, Kaarina ; Lindvall, Mikael ; Yonkwa, Lyly

Author_Institution

VTT Tech. Res. Centre of Finland, Espoo

fYear

2008

fDate

9-11 April 2008

Firstpage

262

Lastpage

268

Abstract

Hidden functionality in software is a big problem, because we cannot be sure that the software does not contain malicious code. We conducted an experiment where we studied the relationship between architecture constructs, dynamic behavior and security vulnerabilities. We also studied to what extent architecture analysis tools can assist in detecting security vulnerabilities that are caused by architecture violations. Using the tool, we were able to capture the dynamic pattern of a user breaking in to the system using the back door. Based on the dynamic information in combination with the static information, we obtained a good picture of the "visual image" of the back door. Such "visual images" can be used to detect vulnerabilities and ultimately help to design software architectures that meet their security requirements.

Keywords

security of data; software architecture; software tools; hidden functionality; security vulnerabilities detection; software architecture analysis tools; software architecture design; visual image; Best practices; Computer architecture; Documentation; Information security; Software architecture; Software engineering; Software maintenance; Software testing; Software tools; Visualization;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Testing Verification and Validation Workshop, 2008. ICSTW '08. IEEE International Conference on

Conference_Location

Lillehammer

Print_ISBN

978-0-7695-3388-9

Type

conf

DOI

10.1109/ICSTW.2008.14

Filename

4567018